
What is SD-WAN (Software-Defined WAN) in simple terms

SDN is quickly becoming a mainstream technology, because it allows you to simplify networking. SDN is a whole new way of thinking about networking, and it has several branches. Software-Defined WAN is one of them, although not the most popular (that title goes to the data center). There is sometimes confusion about SD-WAN, and not everyone knows what possibilities and limits it has. In this article we will see what SD-WAN is and what its features are.

A few words on “traditional” WAN

WAN is the acronym of Wide Area Network. It represents the cluster of technologies you use to connect locations that are far apart from each other. You may use Frame Relay (even if it's very old), MPLS, or plain Internet. Nothing fancy here: once you have the WAN ready, locations can talk to each other, and nothing else. Sometimes a link will go down for one reason or another and the site will be isolated. Of course, you can add redundant links, but no more than that.

WAN is a simple way to allow communication, a way that may be good enough for most of us. However, its simplicity has several limits that we will discover as we discuss the features of SD-WAN. If you want to learn more about traditional WAN, check out these WAN technologies.

What is SD-WAN

The Overlay

SD-WAN is a technology that runs on top of traditional WAN. Of course, WAN is a hardware connection and we cannot create a software connection without having some hardware under the hood. Thus, SD-WAN is a technology that controls multiple WAN technologies to achieve advanced features. This is possible by creating several Overlays.

The SD-WAN Overlay virtualizes the physical network below it.

One overlay is a virtual network that runs on top of the physical network. Think of it like a set of IPSec VPNs that run on top of your private WAN. At first, it might look confusing or even unnecessary. However, once we dive deeper into this setup we will see the reasons for it.

Using multiple SD-WAN Overlays

If you run a single SD-WAN overlay, there is no point in using SD-WAN. In fact, it cannot bring any improvement to your connection, as you will always end up on the same physical link. Instead, things start to get more interesting when you combine multiple overlays.

Having multiple overlays means having multiple networks that you can create and destroy at will. An enterprise is likely to have several sites, which can then connect using different overlays. Instead of having a flat network, you can shape a more complex design where only some sites talk with some others. You can create separate networks as well, each containing a few sites.

You can also mix things up, increasing flexibility. In a site you are going to have many LANs, and you can propagate some to some sites, and some to others. Even better, you can achieve this level of granularity with no intervention from your provider.

The more overlays you have, the more advanced the policies can be. Here the light-blue networks are seen by all sites, while the green networks do not reach C.

Besides granularity of control and policies, SD-WAN brings another major benefit to the table. It abstracts the network, so that devices in the LAN no longer know about the physical WAN. They only know about the SD-WAN overlays. As a result, you become independent from the underlying technology. Even better, SD-WAN can dynamically divert traffic to the best-performing link.

SD-WAN with DMVPN

Okay, at this point we know the benefits of having multiple network overlays. But how do we achieve it? Each vendor has its own solution for building multiple SD-WAN overlays. However, Cisco is probably leading the way with its DMVPN: Dynamic Multipoint Virtual Private Network. We talked in detail about it when we covered WAN technologies.

DMVPN leverages tunneling technologies like GRE and IPSec to create virtual point-to-point links between sites. In normal VPNs, the administrator prepares these tunnels statically. Instead, with DMVPN the network has a central hub accepting connections. All other routers in remote sites initially create a tunnel to the hub, forming a hub-and-spoke topology. At this point, they can reach all other sites through the central hub. However, as soon as two remote sites start exchanging traffic, the hub informs each of them about the details of the other. Then, they establish another tunnel directly between each other, without talking through the hub.

DMVPN allows the creation of dynamic tunnels.

In the end, we achieve a partial or even full mesh topology if needed. You can have one DMVPN hub for each overlay, and create as many DMVPN networks (overlays) as you’d like.
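The flow described above, as a toy model in Python. This is an added example, not code from the original post or from Cisco: the `Hub` and `Spoke` classes, the site names and all addresses are constructed for illustration, and the model only tracks who learns what, without any real tunneling or encryption.

```python
class Hub:
    """Hub of one overlay: maps overlay (tunnel) IPs to underlay WAN IPs."""
    def __init__(self, overlay):
        self.overlay = overlay
        self.table = {}                        # tunnel IP -> (site name, WAN IP)

    def register(self, tunnel_ip, site, wan_ip):
        self.table[tunnel_ip] = (site, wan_ip)

    def resolve(self, target_tunnel_ip):
        # Answers only for sites registered in this overlay; others stay unknown.
        return self.table.get(target_tunnel_ip)


class Spoke:
    def __init__(self, site, tunnel_ip, wan_ip, hub):
        self.site, self.hub = site, hub
        self.direct = {}                       # peers reached over dynamic tunnels
        hub.register(tunnel_ip, site, wan_ip)  # the initial spoke-to-hub tunnel

    def send(self, dst_tunnel_ip):
        """Return the list of hops a packet takes, or None if unreachable."""
        if dst_tunnel_ip in self.direct:       # dynamic tunnel already up
            return [self.site, self.direct[dst_tunnel_ip][0]]
        peer = self.hub.resolve(dst_tunnel_ip)
        if peer is None:                       # destination is not in this overlay
            return None
        self.direct[dst_tunnel_ip] = peer      # hub disclosed the peer: go direct
        return [self.site, "hub-" + self.hub.overlay, peer[0]]


def demo():
    blue, green = Hub("blue"), Hub("green")    # one hub per overlay
    a_blue = Spoke("A", "10.1.0.1", "198.51.100.1", blue)
    Spoke("B", "10.1.0.2", "198.51.100.2", blue)
    Spoke("C", "10.1.0.3", "198.51.100.3", blue)
    a_green = Spoke("A", "10.2.0.1", "198.51.100.1", green)
    Spoke("B", "10.2.0.2", "198.51.100.2", green)   # C never joins green
    return {
        "first": a_blue.send("10.1.0.3"),      # relayed through the hub
        "next": a_blue.send("10.1.0.3"),       # direct spoke-to-spoke tunnel
        "green_to_c": a_green.send("10.1.0.3"),  # C is invisible from green
    }


if __name__ == "__main__":
    print(demo())
```

The hub's table is the only thing that decides which sites can find each other, so in this model anything allowed to call `register` joins the overlay.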

Conclusion

This brief article explained the potential of SD-WAN and the technology behind it. SD-WAN enables flexibility and granularity like never before, and eases management as well. However, it adds cost and network overhead (because of the tunnels).

Now we have the tools to evaluate whether an SD-WAN solution will suit our business, and to define how we can integrate it. What do you think about SD-WAN? Let me know your opinions in the comments.

The post What is SD-WAN (Software-Defined WAN) in simple terms appeared first on ICTShore.com.


